To Next Page

To Previous Page

User authentication Terminal AccessController Access-Control System Plus(TACACS+)

IX20 User Guide

899

11. Click Apply to save the configuration and apply the change.

 Command line

1. Select the device in Remote Manager and click Actions> Open Console, or log into the IX20

local command line as a user with full Admin access rights.

Depending on your device configuration, you may be presented with an Access selection

menu. Type admin to accessthe Admin CLI.

2. At the command line, type config to enter configuration mode:

> config

(config)>

3. (Optional) Prevent other authentication methodsfrom being used if TACACS+ authentication

fails. Other authentication methodswill only be used if the TACACS+ server is unavailable.

(config)> auth tacacs+ authoritative true

(config)>

4. (Optional) Configure the group_attribute. This is the name of the attribute used in the TACACS+

server's configuration to identify the IX20 authentication group or groupsthat the user isa

member of. For example, in TACACS+user configuration, the group attribute in the sample tac_

plus.conf file isgroupname, which is also the default setting for the group_attribute in the

IX20 configuration.

(config)> auth tacacs+ group_attribute attribute-name

(config)>

5. (Optional) Configure the type of service. Thisis the value of the service attribute in the the

TACACS+server's configuration. For example, in TACACS+user configuration, the value of the

service attribute in the sample tac_plus.conf file issystem, which is also the default setting in

the IX20 configuration.

(config)> auth tacacs+ service service-name

(config)>

6. (Optional) Enable command authorization, which instructs the device to communicate with the

TACACS+server to determine if the user is authorized to execute a specific command. Only the

first configured TACACS+server will be used for command authorization.

(config)> auth tacacs+ command_authorization true

(config)>

7. (Optional) Enable command accounting, which instructs the device to communicate with the

TACACS+server to log commandsthat the user executes. Only the first configured TACACS+

server will be used for command accounting.

(config)> auth tacacs+ command_accounting true

(config)>

Digi IX20 User Manual

Questions and Answers: